Google SAML SSO Configuration Guide

Step 1: Navigate to Google Admin Console

1. Open your web browser and go to Google Admin Console (admin.google.com)

2. Log in with your administrator credentials

3. From the main dashboard, locate and click on the "Apps" section in the left sidebar

4. Select "Web and mobile apps" from the Apps menu

5. You will see a list of all currently configured applications

Step 2: Add a New SAML Application

6. On the Web and mobile apps page, click the "Add App" button located at the top

7. From the dropdown menu, select "Add custom SAML app"

8. This will open the SAML app configuration wizard
   

Step 3: Configure App Name and Details

1. In the "App name" field, enter the name for your application (example shown: "test")

2. Optionally, you can add a description and upload an app icon/logo

3. Review the app details

4. Click the "Continue" button to proceed to the next step

Step 4: Google Identity Provider Details

1. On this screen, Google provides the Identity Provider (IdP) information

2. You have multiple options to download/copy this information:

   • Copy the "SSO URL" (Single Sign-On URL) - this is the endpoint where authentication requests are sent

   • Copy the "Entity ID" - this is the unique identifier for Google as the identity provider

3. Save all this information as you will need it to configure your service provider

4. Click "Continue" to move to the next step

Step 5: Service Provider Details Configuration

1. Enter the "ACS URL" (Assertion Consumer Service URL) - this is the URL on your application where Google will send the SAML response ( On console go to Integrations->SAML->Sign In Redirect URL )

2. Enter the "Entity ID" for your service provider - this is the unique identifier for your application (“https://console.clouddefenseai.com/auth/realms/cdefense”)

3. Set the "Name ID format" from the dropdown menu

4. Select "EMAIL" as the Name ID format (this tells Google to send the user's email as the identifier)

5. Set "Name ID" to "Basic Information > Primary email"

6. Review all the entered information carefully

7. Click "Continue" to proceed

Step 6: Attribute Mapping Configuration

1. On this screen, you can skip the things by clicking "Finish" .

Step 7: Enable the Application for Users

1. After completing the setup, you'll be taken to the app details page

2. Locate the "User access" section

3. Click on the service status toggle or "OFF" button

4. Select one of the following options:

   • "ON for everyone" - enables the app for all users in your organization

   • "ON for some organizations" - select specific organizational units

   • "OFF" - keeps the app disabled

5. For immediate access, select "ON for everyone"

6. Click "Save" to apply the changes

Step 8: Verify and Test the Configuration

1. The app will now appear in your Web and mobile apps list

2. Verify that the status shows "ON" with a green indicator

3. Check that all configuration details are correct

4. Test the SSO login by accessing your application

5. Users should now be able to sign in using their Google credentials

6. Configuration is complete and ready for use